用于获取tt热销数据的技能

v1.0.0

用于获取和分析TikTok当前爆款商品数据，支持定时同步和拉取任务，需配置4seller API密钥。

⭐ 0· 27·0 current·0 all-time

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the implemented behavior: the code registers tools to call a 4seller TikTok sales-rank API and the manifest declares an apiKey and apiBaseUrl. The plugin does not request unrelated credentials or system access. Minor mismatch: the openclaw.plugin.json default apiBaseUrl includes the full endpoint path (not just base origin), which is inconsistent with how the code appends path segments (this is a functional bug, not an unexplained privilege request).

✓

Instruction Scope

SKILL.md only instructs configuring the plugin (openclaw.json) and how to call the provided tools or create cron jobs; it does not ask the agent to read arbitrary files, environment variables, or transmit data to endpoints other than the configured 4seller API. The cron skill suggests using the CLI to add jobs rather than the plugin altering system cron itself.

✓

Install Mechanism

No install spec is provided (instruction-only for runtime), and the package contains normal JS source files with no obfuscated or remote-download install steps. Dependencies are minimal and from package.json; there are no extract-from-URL or personal-server installs.

✓

Credentials

The plugin requires a single API key (apiKey) and optional apiBaseUrl and timeout in plugin config; it does not request unrelated secrets or environment variables. Note: the plugin reads its config from OpenClaw plugin configuration (openclaw.json) rather than environment variables, which is consistent with the SKILL.md and manifest.

✓

Persistence & Privilege

The skill is not always-enabled, does not request elevated platform privileges, and will disable itself if apiKey is absent. It does not modify other skills or system-wide settings; cron setup is performed by a user-invoked CLI command suggested in docs.

Assessment

This plugin appears to do exactly what it says: call a 4seller TikTok sales-rank API using an apiKey stored in your OpenClaw plugin config. Before enabling: (1) verify you trust the 4seller service and that the API key has appropriate, limited permissions; (2) correct or verify apiBaseUrl in your config — the manifest's default contains the full endpoint path which may lead to duplicated path segments when combined with the code; (3) test calls in an isolated session and review returned callTime/source fields as required by the docs; (4) monitor usage/rate limits and rotate the API key if you suspect misuse.

Like a lobster shell, security has layers — review code before you run it.

latestvk973x8nrx80r9d9eq979nyv63n8595gj

27downloads

0stars

1versions

Updated 10h ago

v1.0.0

MIT-0

4seller TKSourcing Plugin

这是一个为 TikTok 卖家业务提供的综合自动化插件包。

包含的技能 (Skills)

本插件包含以下两个主要技能：

获取爆款商品 (tiktok-hot-products)
- 功能：用于获取和分析 TikTok 当前的爆款商品数据。
定时任务 (tiktok-cron)
- 功能：用于定期执行数据同步或拉取任务。

环境与配置要求

需要在 openclaw.json 中提供 4seller 的 API 密钥 (apiKey) 等必要配置。

Comments

Loading comments...